CVE-2020-11656 | SynScan

Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2020-11656

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Published: Apr 9, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-11656
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
sqlite / sqlite	-	3.31.1.x
oracle / outside_in_technology	8.5.4	8.5.4.x
oracle / outside_in_technology	8.5.5	8.5.5.x
oracle / hyperion_infrastructure_technology	11.1.2.4	11.1.2.4.x
oracle / enterprise_manager_ops_center	12.4.0.0	12.4.0.0.x
oracle / mysql	8.0.0	8.0.22.x
oracle / communications_network_charging_and_control	12.0.2	12.0.2.x
oracle / communications_network_charging_and_control	6.0.1	6.0.1.x
oracle / communications_network_charging_and_control	12.0.0	12.0.3.x
oracle / zfs_storage_appliance_kit	8.8	8.8.x
oracle / communications_messaging_server	8.1	8.1.x
oracle / mysql_workbench	-	8.0.22.x
siemens / sinec_infrastructure_network_services	-	1.0.1.1
tenable / tenable.sc	-	5.19.0.x